September 2016 - keycloak-dev - Jboss List Archives

Move documentation to a single book/repository

by Stian Thorgersen

To simplify maintaining and editing the documentation I propose we move all guides to a single repository and a single book on Gitbook. I did a quick check to see it works here: https://stianst.gitbooks.io/keycloak-documentation/content/index.html Opinions?

8 years, 2 months

4
4
0 / 0

org.jvnet.libpam.UnixUserTest on Windows

by Ngo Thanh Nghi

UnixUserTest will fail on Windows. Could we remove or update this test to work in Windows environment? Ngo

8 years, 2 months

3
2
0 / 0

Debug/trace logging in services broken

by Stian Thorgersen

A lot of debug/trace logging goes directly to org.keycloak.services. This is completely broken as it's impossible to filter and it's not possible to enable debug/trace for specific parts. Added: https://issues.jboss.org/browse/KEYCLOAK-3635 Generic info and error statements can use org.keycloak.services, but debug/trace should use the logger for the class. Classes should just have a regular JBoss Logger. For generic info/error statements they should just use: ServicesLogger.ROOT_LOGGER.???(???) Comments?

8 years, 2 months

3
2
0 / 0

Re: [keycloak-dev] Move documentation to a single book/repository (Stian Thorgersen)

by Valerij Timofeev

It's a very good idea for using the documentation as well. Sometimes it is necessary to search almost all seven sources of documentation for some topics. Date: Thu, 29 Sep 2016 09:27:29 +0200 > From: Stian Thorgersen <sthorger(a)redhat.com> > Subject: [keycloak-dev] Move documentation to a single book/repository > To: keycloak-dev <keycloak-dev(a)lists.jboss.org> > > > To simplify maintaining and editing the documentation I propose we move all > guides to a single repository and a single book on Gitbook. > > I did a quick check to see it works here: > https://stianst.gitbooks.io/keycloak-documentation/content/index.html > > Opinions? >

8 years, 2 months

2
1
0 / 0

Script based ProtocolMappers

by Thomas Darimont

Hi folks, I was thinking about leveraging the new scripting support for ProtocolMappers. Issue is here: Script based ProtocolMapper https://issues.jboss.org/browse/KEYCLOAK-3599 Would look similar to script based authenticators but would come with a different quickstart template. For reference current script authenticator template is: scripts/authenticator-template.js in keycloak-services What do you think? Cheers, Thomas

8 years, 2 months

2
1
0 / 0

Bug in User Roles inherited from Groups

by Erik Berdonces Bonelo

Hello, I’m mailing here as I found a bug, but I’m not sure if it’s an expected result. According to the documentation (https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/gr...) Groups in Keycloak allow you to manage a common set of attributes and role mappings for a set of users. Users can be members of zero or more groups. Users inherit the attributes and role mappings assigned to each group. Then, I assume that if I assign a role to a group, and it appears in the ‘Effective Roles’ tab of the group, any user inside of the group will inherit the roles. The problem: I’ve been testing with a simple OpenID Connect client in confidential mode, and the user doesn’t have any of this roles (I exposed Role as a mapper using User Realm Role mapper) and fetched the roles using an OIDC client. However, if I assign the roles directly to the user, the roles are returned as expected, in the User Info endpoint. Is it possible that there is a bug in the group system that is not giving the proper roles to the underneath users? Thanks a lot for your time, and have a nice week! — Best Regards, Erik Berdonces Bonelo

8 years, 2 months

3
4
0 / 0

Re: [keycloak-dev] Possible BUG creating User via REST API

by Sebastien Blanc

Hard to tell without seeing whole your code but when you create your user you don't have this issue, right ? Do you do the reset in the same "flow" of code ? On Thu, Sep 29, 2016 at 10:36 PM, Maurício Giacomini Penteado < mauriciogiacomini(a)hotmail.com> wrote: > Hi Sebastien, thanks for answering. > > Sorry, my last message was not complete. > > I am trying your code but I always got a "Failed executing GET > /admin/realms/SGCD/users: org.jboss.resteasy.spi.UnauthorizedException: > Bearer" > > I tryed set the Bearer Token using the code that follows (but I do not > have successful): > > ResteasyClient resteasyClient = new ResteasyClientBuilder() > .connectionPoolSize(10).build(); > resteasyClient.target(KEYCLOAK_HOST) > .register(BEARER_TOKEN); > > Keycloak kc = KeycloakBuilder.builder() > .resteasyClient(resteasyClient) > .build(); > > kc.realm("SGCD").users().get(userId).resetPassword(credential); > > Please, you know if Is there some way for I put my bearer token on call > of resetPassword or on build of KeycloakBuilder? > > Regards, > Maurício. > > > > ------------------------------ > *De:* Sebastien Blanc <sblanc(a)redhat.com> > *Enviado:* quinta-feira, 29 de setembro de 2016 14:08 > *Para:* Maurício Giacomini Penteado > *Assunto:* Re: [keycloak-dev] Possible BUG creating User via REST API > > Hi Mauricio, > > This is not a bug, you need to reset the password after that the user has > been created, using something like : > > CredentialRepresentation credentials = new CredentialRepresentation(); > credentials.setType(CredentialRepresentation.PASSWORD); > credentials.setValue("password"); > > keycloak.realm("realm").users().get(id).resetPassword(creden > tials); > > > > > On Thu, Sep 29, 2016 at 3:51 PM, Maurício Giacomini Penteado < > mauriciogiacomini(a)hotmail.com> wrote: > >> Hello everybody, >> >> All times that I create an user via REST API I have to do login on >> keycloak using administrator account and have to update the credentials >> from user created via REST API with temporary password setted to false. >> Just if I do these procedures I can do login on my app using the user >> created via REST API. >> >> I am using the follow code to create an user via REST API: >> ..... >> CredentialRepresentation credential = new >> CredentialRepresentation(); >> credential.setType(CredentialRepresentation.PASSWORD); >> credential.setValue("test123"); >> credential.setTemporary(false); >> >> UserRepresentation user = new UserRepresentation(); >> user.setUsername("testuser"); >> user.setFirstName("Test"); >> user.setLastName("User"); >> user.setCredentials(Arrays.asList(credential)); >> user.setEnabled(true); >> >> Response result = kc.realm("rest-example").users().create(user); >> >> I have setted on code false for temporary credential and user as enabled, >> even so, I can not do login on my application using the created user >> without do the procedures that I wrote at the beginning of this issue. >> >> I think that REST API is not respecting the properties of temporary >> credential setted to false and user setted as enabled. It can be a BUG? >> >> If anybody knows how can I update the credentials from a new user created >> via REST API leaving it able to do login on my application please let me >> know. >> >> Regards, >> Maurício. >> >> >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> > >

8 years, 2 months

1
0
0 / 0

Testing zip attachment blocked #take2

by Stian Thorgersen

8 years, 2 months

1
0
0 / 0

Testing zip attachment blocked

by Stian Thorgersen

Testing zip attachment blocked

8 years, 2 months

1
0
0 / 0

Re: [keycloak-dev] Possible BUG creating User via REST API

by Maurício Giacomini Penteado

Hi Sebastien, thanks for answering. I am trying your code but, I always receive a "Failed executing GET /admin/realms/SGCD/users: org.jboss.resteasy.spi.UnauthorizedException: Bearer". Please, you know if Is there some way for I put my bearer token on resetPassword call or on KeycloakBuilder? I have tried using: ResteasyClient resteasyClient = new ResteasyClientBuilder() .connectionPoolSize(10).build(); resteasyClient.target(KEYCLOAK_HOST) .register(BEARER_TOKEN); ________________________________ De: Sebastien Blanc <sblanc(a)redhat.com> Enviado: quinta-feira, 29 de setembro de 2016 14:08 Para: Maurício Giacomini Penteado Assunto: Re: [keycloak-dev] Possible BUG creating User via REST API Hi Mauricio, This is not a bug, you need to reset the password after that the user has been created, using something like : CredentialRepresentation credentials = new CredentialRepresentation(); credentials.setType(CredentialRepresentation.PASSWORD); credentials.setValue("password"); keycloak.realm("realm").users().get(id).resetPassword(credentials); On Thu, Sep 29, 2016 at 3:51 PM, Maurício Giacomini Penteado <mauriciogiacomini(a)hotmail.com<mailto:mauriciogiacomini@hotmail.com>> wrote: Hello everybody, All times that I create an user via REST API I have to do login on keycloak using administrator account and have to update the credentials from user created via REST API with temporary password setted to false. Just if I do these procedures I can do login on my app using the user created via REST API. I am using the follow code to create an user via REST API: ..... CredentialRepresentation credential = new CredentialRepresentation(); credential.setType(CredentialRepresentation.PASSWORD); credential.setValue("test123"); credential.setTemporary(false); UserRepresentation user = new UserRepresentation(); user.setUsername("testuser"); user.setFirstName("Test"); user.setLastName("User"); user.setCredentials(Arrays.asList(credential)); user.setEnabled(true); Response result = kc.realm("rest-example").users().create(user); I have setted on code false for temporary credential and user as enabled, even so, I can not do login on my application using the created user without do the procedures that I wrote at the beginning of this issue. I think that REST API is not respecting the properties of temporary credential setted to false and user setted as enabled. It can be a BUG? If anybody knows how can I update the credentials from a new user created via REST API leaving it able to do login on my application please let me know. Regards, Maurício. _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org<mailto:keycloak-dev@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-dev

8 years, 2 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

keycloak-dev September 2016